package tech.edwardvan.springsecuritydemo.security.config;

import lombok.RequiredArgsConstructor;
import org.springframework.boot.autoconfigure.security.servlet.PathRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import tech.edwardvan.springsecuritydemo.security.common.SecurityConstant;

/**
 * 公共Security 配置
 *
 * @author EdwardVan
 */
@Configuration
@RequiredArgsConstructor
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class CommonSecurityConfig {

    /**
     * 加密算法
     */
    @Bean
    public PasswordEncoder getPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * 配置不经过Spring Security过滤器链的路径
     */
    @Bean
    public WebSecurityCustomizer webSecurityCustomizer() {
        return (web) -> web
                .ignoring()
                .antMatchers(SecurityConstant.SWAGGER_WHITELIST)
                .antMatchers(SecurityConstant.SYSTEM_WHITELIST)
                .requestMatchers(PathRequest.toStaticResources().atCommonLocations());
    }
}
